PCI Audit

A PCI compliance audit assesses a merchant’s point-of-sale (POS) system by examining it, identifying vulnerabilities and instituting precautions to prevent data from being compromised. There are two basic reasons that a business that accepts credit cards would be required to have an onsite assessment of their cardholder data environment:

Merchants in Levels 2 through 4 are required to undergo a PCI compliance audit if they suffer a data security breach, or if their merchant services provider determines that they have an increased risk of data breach.

A PCI compliance audit must be conducted by a Qualified Security Assessor (QSA) approved by the Payment Card Industry Security Standards Council (PCI SSC). He or she evaluates all aspects of your security infrastructure — from policies and procedures to systems and networks — and provides you with a risk assessment that is the basis for improving your data security. Think of it as your roadmap for achieving or reclaiming your PCI compliance.

After reviewing the assessment and prioritizing the points that need attention, the QSA will provide you and your employees with security awareness training to bring you up to date with current PCI standards.

As part of the ongoing PCI compliance process, it is your responsibility to implement the changes noted in the QSA’s audit report, known as the Report on Compliance (ROC). The QSA can act as a consultant or manage the process. This is part of the 3-step Assess/Remediate/Report approach to the PCI DSS compliance process advocated by the PCI SSC:

Assess: Identify cardholder data, take an inventory of your IT assets and business processes for payment card processing, and analyze them for vulnerabilities that could expose cardholder data.

Remediate: Fix vulnerabilities and do not store cardholder data unless you need it.

Report: Compile and submit required remediation validation records (if applicable), and submit compliance reports to the acquiring bank and card brands you do business with.

Rather than being something you should dread, a PCI compliance audit with a QSA can be a valuable tool to keep your business and your customers safe from a payment card data breach. TransFirst® is standing by to help you reach and maintain the highest level of PCI compliance.

Richard Hari in your Colorado credit card customer service operation is one of the best people I've ever dealt with in any type of business. I had a problem with credit card processing for my very, very small business. I was told I would get a call in two business days. Richard called in about 20 minutes. He was patient and took time to walk me through the process. Great job and a credit to TransFirst.

- Online Retailer | Bruceton Mills, WV

Two key things here. #1 – This program has saved me hundreds of dollars a year, and #2 – the service. The last time I called my question was answered in one simple phone call. We didn't take credit cards for a long time due to the expense ... I am so glad I took the time to listen when you came in because this is so much better.

- Restaurant Owner | Palm Bay, FL

TransFirst has done everything they said they would do, and they do it every month with service and savings. We are saving very big dollars each month, so we are very happy with the service.

- Police Benevolent Association | McDonough, GA

I'm writing to thank you for the superb customer support you've offered us in the setting up of our account. Your prompt replies to my questions, even through your illness, speak very well of your organization and your own sense of responsibility. I would ask you to kindly forward this note to your supervisor, because I want him/her to appreciate your 'above and beyond' approach to your clients.

- Vision Care Provider | Windham, VT

I am extremely happy with TransFirst! The Transaction Express saves me hours a week with the ease of transactions and the up-to-date reporting. The service team is knowledgeable and eager to help. The best part, though, is the savings. Patrick made it so easy to switch merchant accounts. I wish I would have done it years ago!